CLAIMS

1. A method of controlling usage of network resources on a communications network,
the method comprising acts of: 

(A) creating one or more packet rules for analyzing packets received at one or more 
devices of the communications network, each rule including a condition and action to be 
taken if a packet received at a device satisfies the condition; and 

(B) creating one or more service abstractions, each service abstraction representing a 
named set of one or more of the packet rules. 

2. The method of claim 1, further comprising an act of: 

(C) configuring a network device of the communications network with one or more 
packet rules according to at least one of the service abstractions. 

3. The method of claim 2, wherein the act (C) comprises:

configuring a port module of a switching device of the communications network with 
one or more packet rules according to at least one of the service abstractions. 

4. The method of claim 2, wherein the act (C) comprises: 

configuring a firewall of a network device of the communications network with one 
or more packet rules according to at least one of the service abstractions. 

5. The method of claim 1, further comprising an act of:

(C) distributing the one or more service abstractions to one or more network devices 
residing on the communications network. 

6. The method of claim 1, further comprising an act of:

(C) associating one or more of the service abstractions with a user of the 
communications network. 

7. The method of claim 1, further comprising an act of:

(C) creating one or more role abstractions, each role abstraction representing a role of 
a user with respect to the communications network, and each role abstraction including a set
of one more service abstractions. 

8. The method of claim 7, further comprising an act of: 

(D) configuring a network device of the communications network with one or more
packet rules according to one of the role abstractions.

9. The method of claim 8, wherein act (D) comprises: 

configuring a port module of a switching device of the communications network with 
one or more packet rules according to one of the role abstractions.

10. The method of claim 8, wherein act (D) comprises:

configuring a firewall of a network device of the communications network with one 
or more packet rules according to one of the role abstractions.

11. The method of claim 7, further comprising an act of:

(D) distributing the one or more role abstractions to one or more network devices
residing on the communications network.

12. The method of claim 7, further comprising an act of:

(D) assigning one of the role abstractions to at least a first user of the communications 
network. 



13. A system for controlling usage of network resources on a communications network, 
the system comprising:

a rule editing module to create one or more packet rules for analyzing packets 
received at one or more devices of the communications network, each rule including a 
condition and action to be taken if a packet received at a device satisfies the condition; and 
a service editing module to create one or more service abstractions, each service 
abstraction representing a named set of one or more of the packet rules.

14. The system of claim 13, further comprising:

logic to configure a network device with one or more packet rules according to at 
least one of the service abstractions. 

15. The system of claim 14, wherein the logic comprises: 

port configuration logic to configure a port module of a switching device with one or 
more packet rules according to at least one of the service abstractions. 

16. The system of claim 14, wherein the logic comprises:

firewall logic to configure a firewall of a network device with one or more packet 
rules according to at least one of the service abstractions. 

17. The system of claim 13, further comprising:

a distribution module to distribute the one or more service abstractions to one or more 
network devices residing on the communications network. 

18. The system of claim 13, further comprising:

assigning logic to associate one or more of the service abstractions with a user of the 
communications network. 

19. The system of claim 13, further comprising:

a role editing module to create one or more role abstractions, each role abstraction 
representing a role of a user with respect to the communications network, and each role 
abstraction including a set of one more service abstractions. 

20. The system of claim 19, further comprising: 

logic to configure a network device with one or more packet rules according to one of 
the role abstractions. 

21. The system of claim 20, wherein the logic comprises:

port configuration logic to configure a port module of a switching device with one or 
more packet rules according to one of the role abstractions.

22. The system of claim 20, wherein the logic comprises: 

firewall logic to configure a firewall of a network device with one or more packet 
rules according to one of the role abstractions. 

23. The system of claim 19, further comprising:

a distribution module to distribute the one or more role abstractions to one or more 
network devices residing on the communications network. 



24. The system of claim 19, further comprising: 

assigning logic to assign one of the role abstractions to at least a first user of the 
communications network. 



25. A system for controlling usage of network resources on a communications network,
the system comprising:

a rule editing module to create one or more packet rules for analyzing packets
received at one or more devices of the communications network, each rule including a
condition and action to be taken if a packet received at a device satisfies the condition; and

means for creating one or more service abstractions, each service abstraction
representing a named set of one or more of the packet rules.

26. A computer program product, comprising: 
a computer readable medium; and 
computer readable signals stored on the computer readable medium that define
instructions that, as a result of being executed by a computer, instruct the computer to
perform a process of controlling usage of network resources on a communications network,
the process comprising acts of:

(A) creating one or more packet rules for analyzing packets received at one or more
devices of the communication network, each rule including a condition and action to be taken
if a packet received at a device satisfies the condition; and

(B) creating one or more service abstractions, each service abstraction representing a
named set of one or more of the packet rules. 

27. A method of controlling usage of network resources on a communications network, 
the method comprising acts of:

(A) creating one or more packet rules for analyzing packets received at one or more 
devices of the communication network, each rule including a condition and action to be taken 
if a packet received at a device satisfies the condition; and 

(B) creating one or more role abstractions, each role abstraction representing a role of 
a user with respect to the communications network, and each role abstraction including a set
of one more packet rules.



28. The method of claim 27, further comprising an act of:

(C) configuring a network device of the communications network with one or more
packet rules according to one of the role abstractions.

29. The method of claim 28, wherein act (C) comprises:

configuring a port module of a switching device of the communications network with
one or more packet rules according to one of the role abstractions.

30. The method of claim 28, wherein act (C) comprises: 

configuring a firewall of a network device of the communications network with one 
or more packet rules according to one of the role abstractions. 



31. The method of claim 27, further comprising an act of:

(C) distributing the one or more role abstractions to one or more network devices 
residing on the communications network. 

32. The method of claim 27, further comprising an act of:

(C) assigning one of the role abstractions to at least a first user of the communications
network.

33. A system for controlling usage of network resources on a communications network, 
the system comprising: 

a rule editing module to create one or more packet rules for analyzing packets 
received at one or more devices of the communications network, each rule including a 
condition and action to be taken if a packet received at a device satisfies the condition; and 

a role editing module to create one or more role abstractions, each role abstraction 
representing a role of a user with respect to the communications network, and each role
abstraction including a set of one more packet rules. 

34. The system of claim 33, further comprising: 

logic to configure a port module of a network device with one or more packet rules 
according to one of the role abstractions. 

35. The system of claim 34, wherein the logic comprises: 

port configuration logic to configure a port module of a switching device with one or 
more packet rules according to one of the role abstractions. 

36. The system of claim 34, wherein the logic comprises: 

firewall logic to configure a firewall of a network device with one or more packet 
rules according to one of the role abstractions. 

37. The system of claim 33, further comprising:

a distribution module to distribute the one or more role abstractions to one or more 
network devices residing on the communications network. 

38. The system of claim 33, further comprising:

assigning logic to assign one of the role abstractions to at least a first user of the 
communications network.

39. A system for controlling usage of network resources on a communications network,
the system comprising: 

a rule editing module to create one or more packet rules for analyzing packets 
received at one or more devices of the communications network, each rule including a 
condition and action to be taken if a packet received at a device satisfies the condition; and

means for creating one or more role abstractions, each role abstraction representing a 
role of a user with respect to the communications network, and each role abstraction 
including a set of one more service abstractions. 

40. A computer program product, comprising:

a computer readable medium; and 

computer readable signals stored on the computer readable medium that define 
instructions that, as a result of being executed by a computer, instruct the computer to 
perform a process of controlling usage of network resources on a communications network,
the process comprising acts of:

(A) creating one or more packet rules for analyzing packets received at one or more 
devices of the communications network, each rule including a condition and action to be 
taken if a packet received at a device satisfies the condition; and 

(B) creating one or more role abstractions, each role abstraction representing a role of
a user with respect to the communications network, and each role abstraction including a set
of one more service abstractions.